Understanding Assurance Engagements
Assurance engagements are essential for validating the controls at service organisations. These engagements involve evaluating the design and effectiveness of controls that are relevant to the internal control over financial reporting of user entities. The main objective is to provide user entities and their auditors with a reliable report on these controls. Key Components of the Service Organization’s Statement A comprehensive statement by a service organisation should cover the following:- Types of Services Provided: Including details about the classes of transactions processed.
- Procedures for Transactions: Both in information technology and manual systems, outlining how transactions are initiated, recorded, processed, corrected, and transferred.
- Related Accounting Records: Describing the records and specific accounts used, including handling of incorrect information.
- System’s Handling of Events: Beyond transactions, covering significant events and conditions.
- Preparation of Customer Reports: Detailing the entire process.
- Control Objectives and Controls: Listing relevant control objectives and the controls designed to achieve them.
- Customer-Implemented Controls: Identifying controls expected to be implemented by customers.
- Other Control Environment Aspects: Including risk assessment, information system, communication, control activities, and monitoring controls.
Detailed System Description
The system description accompanying the statement should provide insights into the custody controls for various financial instruments. This includes equities, fixed income, cash, mutual funds, and more. The control functions span across global locations such as Sydney, London, Hong Kong, Singapore, and the United States. Key areas covered include account setup, trading, cash management, security transfers, error handling, reconciliation, custody, and information system security. Independent Service Auditor’s Assurance Report The role of an independent service auditor is to provide an opinion on the service organisation’s description and the design and operation of its controls. This involves:- Planning and Performing Procedures: To obtain reasonable assurance that the description is fairly presented and controls are effectively designed and operated.
- Evaluating Control Environment: Assessing the organisational tone and control awareness among employees.
- Testing Controls: Through inquiries, observations, inspections, and reperformance of controls.
Objectives of Controls
Control objectives are specific goals that controls are designed to achieve. Examples include:- Accurate and complete establishment of new accounts.
- Authorization and recording of transactions in line with client instructions.
- Prompt identification and processing of corporate actions.
- Safeguarding assets from unauthorised use.